Pokemon Go: What security awareness programs should be doing now

Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.

I have to admit that Pokemon Go took me by surprise. I had no idea why people just told me they were going out for no apparent reason. Younger people were more blatant, but it was not until early this week that I realized that it was a phenomenon that was impacting the workplace.

People of all ages, including your coworkers, are playing at record rates. Most important, they are bringing the app into the workplace, and using it on cellphones that also access work related information. It is a significant security vulnerability.

That being said, it means that awareness programs are at the front and center to protect corporate assets. At the same time, you can also appear to be the champion for the workers. Security awareness might never be more welcome. Even if people think the app is “stupid”, frequently they have family members or other loved ones playing the game.

People hear about malicious apps spoofing the actual Pokemon Go app. They hear about the app tracking them and having access to all of their data. They hear about people being mugged and finding dead bodies. People are excited, but they are concerned. This is your time to shine.

All security programs, led by the security awareness team, should immediately create information about the security concerns, and what to do about them.

Clearly, there is a focus on mobile device security, but there are also issues concerning privacy, password security, and safety. For this reason, I recommend that you create tip sheets for distribution to all employees. Possible content to include would be:

Ensure that you only download the official Pokemon Go app

Ensure that your cellphone operating system is up to date

As the app preferably uses Google accounts for authentication and tracking, consider creating a Google account just for that purpose

Ensure that your password is strong

Review app permissions, and remove as many permissions as possible

Consider installing anti-malware software on your cellphone

Be aware of the potential for crime

Remain alert. Carelessness will cause more injuries than crime

Never drive while playing the game

Most important, if your organization uses Google apps, clearly state that employees should never use their corporate account for Pokemon Go or any other games.

You may want to provide references to additional resources for mobile device management, creating a strong password, and other relevant issues. Providing contact information for the security team would be welcome. In defining the additional resources, consider that many people may want to share the information with their friends and family, so avoid using links and resources that are only available on your intranets.

It is a unfortunately extremely likely that some of your employees will eventually compromise information due to downloading malware on their mobile devices. It is guaranteed that the productivity of many employees will be impacted by the game. You can warn people about these issues, but you do not have ultimate control of them. You can however take advantage of the situation, and seem like their protector, and more than their overseer.

Personally, I am impressed by the business success of the game. I am also impressed that the gamification success. Pokemon Go would be a considered a huge gamification success for corporate wellness programs given how it encourages people to exercise. A companion article will be published shortly that highlights the true gamification principles used in Pokemon Go, and how it differs than most self-proclaimed gamification programs.

From a security perspective, Pokemon Go, itself, is as security nightmare. It is a productivity nightmare. However, you can take advantage of the situation and use it to highlight the importance of practicing good security behaviors. Don’t let a great opportunity go to waste.

Ira Winkler, CISSP is president of Secure Mentem and can be contacted at http://www.securementem.com

PCW Evaluation Team

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.